From 1f5600c437e6f34f71a4190e02cf92e859aa5bce Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Tue, 12 Mar 2024 12:41:26 -0500 Subject: [PATCH] Use IPv6-enabled proxy-init Followup to linkerd/linkerd2-proxy-init#350 In support of the new proxy-init flags `--iptables-mode` and `--ipv6`: - For the linkerd-control-plane chart added the values.yaml entry `enableIPv6` (defaults to true). The `proxyInit.iptablesMode` was already there, but we interpret it now slightly differently in `_proxy-init.tpl`. - For the linkerd2-cni chart added the entries `iptablesMode` (defaults to "legacy") and `enableIPv6` (defaults to true). Note this allows routing IPv6 traffic to the proxy, but it's just the first step towards IPv6/dual-stack support. More control plane and proxy changes will come up next. *Do not merge yet*: We're pulling the images `ghcr.io/alpeb/proxy-init:ipv6` and `ghcr.io/alpeb/cni-plugin:ipv6` as temporary builds for linkerd/linkerd2-proxy-init#350, while that gets released. --- .github/workflows/integration.yml | 2 +- charts/linkerd-control-plane/README.md | 5 +++-- charts/linkerd-control-plane/values.yaml | 4 +++- charts/linkerd2-cni/README.md | 6 ++++-- charts/linkerd2-cni/templates/cni-plugin.yaml | 4 +++- charts/linkerd2-cni/values.yaml | 8 ++++++-- charts/partials/templates/_proxy-init.tpl | 14 ++++++------- .../expected/injected_nginx.yaml | 5 ++++- .../expected/injected_nginx_redis.yaml | 10 ++++++++-- .../expected/injected_redis.yaml | 5 ++++- cli/cmd/testdata/inject_contour.golden.yml | 5 ++++- ...ject_emojivoto_already_injected.golden.yml | 20 +++++++++++++++---- .../inject_emojivoto_deployment.golden.yml | 5 ++++- ...emojivoto_deployment_access_log.golden.yml | 5 ++++- ...omountServiceAccountToken_false.golden.yml | 5 ++++- ...ojivoto_deployment_capabilities.golden.yml | 5 ++++- ...oto_deployment_config_overrides.golden.yml | 5 ++++- ...voto_deployment_controller_name.golden.yml | 10 ++++++++-- ...ject_emojivoto_deployment_debug.golden.yml | 5 ++++- ...voto_deployment_empty_resources.golden.yml | 5 ++++- ...to_deployment_hostNetwork_false.golden.yml | 5 ++++- ...ivoto_deployment_native_sidecar.golden.yml | 5 ++++- ...ojivoto_deployment_opaque_ports.golden.yml | 5 ++++- ...emojivoto_deployment_overridden.golden.yml | 5 ++++- ...ojivoto_deployment_proxyignores.golden.yml | 5 ++++- ...inject_emojivoto_deployment_udp.golden.yml | 5 ++++- .../testdata/inject_emojivoto_list.golden.yml | 10 ++++++++-- ..._emojivoto_list_empty_resources.golden.yml | 10 ++++++++-- .../testdata/inject_emojivoto_pod.golden.yml | 5 ++++- .../inject_emojivoto_pod_ingress.golden.yml | 5 ++++- ...ject_emojivoto_pod_proxyignores.golden.yml | 5 ++++- ...ect_emojivoto_pod_with_requests.golden.yml | 5 ++++- .../inject_emojivoto_statefulset.golden.yml | 5 ++++- .../inject_gettest_deployment.good.golden.yml | 10 ++++++++-- .../inject_tap_deployment_debug.golden.yml | 5 ++++- .../install-cni-plugin_default.golden | 6 ++++-- ...install-cni-plugin_fully_configured.golden | 4 +++- ...-plugin_fully_configured_equal_dsts.golden | 4 +++- ...lugin_fully_configured_no_namespace.golden | 4 +++- .../install-cni-plugin_skip_ports.golden | 6 ++++-- .../install_cni_helm_default_output.golden | 6 ++++-- .../install_cni_helm_override_output.golden | 4 +++- ...install_controlplane_tracing_output.golden | 18 +++++++++++++---- cli/cmd/testdata/install_custom_domain.golden | 18 +++++++++++++---- .../testdata/install_custom_registry.golden | 18 +++++++++++++---- cli/cmd/testdata/install_default.golden | 18 +++++++++++++---- ...stall_default_override_dst_get_nets.golden | 18 +++++++++++++---- cli/cmd/testdata/install_default_token.golden | 18 +++++++++++++---- cli/cmd/testdata/install_ha_output.golden | 18 +++++++++++++---- .../install_ha_with_overrides_output.golden | 18 +++++++++++++---- .../install_heartbeat_disabled_output.golden | 18 +++++++++++++---- .../install_helm_control_plane_output.golden | 10 ++++++++++ ...nstall_helm_control_plane_output_ha.golden | 10 ++++++++++ .../install_helm_output_ha_labels.golden | 10 ++++++++++ ...l_helm_output_ha_namespace_selector.golden | 10 ++++++++++ .../testdata/install_no_init_container.golden | 3 ++- cli/cmd/testdata/install_output.golden | 9 ++++++++- cli/cmd/testdata/install_proxy_ignores.golden | 18 +++++++++++++---- cli/cmd/testdata/install_values_file.golden | 18 +++++++++++++---- .../fake/data/pod-with-debug.patch.json | 5 ++++- .../data/pod-with-ns-annotations.patch.json | 5 ++++- .../proxy-injector/fake/data/pod.patch.json | 5 ++++- justfile | 8 ++++---- pkg/charts/cni/values.go | 2 ++ pkg/charts/linkerd2/values.go | 1 + pkg/charts/linkerd2/values_test.go | 1 + pkg/version/version.go | 4 ++-- .../integration/install/inject/inject_test.go | 4 +++- test/integration/multicluster/install_test.go | 2 +- 69 files changed, 425 insertions(+), 119 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index fc91907edbc2d..7f0caef7ed640 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -29,7 +29,7 @@ permissions: env: CARGO_INCREMENTAL: 0 CARGO_NET_RETRY: 10 - DOCKER_REGISTRY: ghcr.io/linkerd + DOCKER_REGISTRY: ghcr.io/alpeb GH_ANNOTATION: true K3D_VERSION: v5.4.4 RUST_BACKTRACE: short diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 523ca5ce23132..dbe7aacbc31bc 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -161,6 +161,7 @@ Kubernetes: `>=1.22.0-0` | disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob | | enableEndpointSlices | bool | `true` | enables the use of EndpointSlice informers for the destination service; enableEndpointSlices should be set to true only if EndpointSlice K8s feature gate is on | | enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading | +| enableIPv6 | bool | `true` | enables routing IPv6 traffic in addition to IPv4 traffic through the proxy | | enablePSP | bool | `false` | Add a PSP resource and bind it to the control plane ServiceAccounts. Note PSP has been deprecated since k8s v1.21 | | enablePodAntiAffinity | bool | `false` | enables pod anti affinity creation on deployments for high availability | | enablePodDisruptionBudget | bool | `false` | enables the creation of pod disruption budgets for control plane components | @@ -269,9 +270,9 @@ Kubernetes: `>=1.22.0-0` | proxyInit.closeWaitTimeoutSecs | int | `0` | | | proxyInit.ignoreInboundPorts | string | `"4567,4568"` | Default set of inbound ports to skip via iptables - Galera (4567,4568) | | proxyInit.ignoreOutboundPorts | string | `"4567,4568"` | Default set of outbound ports to skip via iptables - Galera (4567,4568) | -| proxyInit.image.name | string | `"cr.l5d.io/linkerd/proxy-init"` | Docker image for the proxy-init container | +| proxyInit.image.name | string | `"ghcr.io/alpeb/proxy-init"` | Docker image for the proxy-init container | | proxyInit.image.pullPolicy | string | imagePullPolicy | Pull policy for the proxy-init container image | -| proxyInit.image.version | string | `"v2.2.4"` | Tag for the proxy-init container image | +| proxyInit.image.version | string | `"ipv6"` | Tag for the proxy-init container image | | proxyInit.iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing. Currently, proxy-init can be run either in 'nft' or in 'legacy' mode. The mode will control which utility binary will be called. The host must support whichever mode will be used | | proxyInit.kubeAPIServerPorts | string | `"443,6443"` | Default set of ports to skip via iptables for control plane components so they can communicate with the Kubernetes API Server | | proxyInit.logFormat | string | plain | Log format (`plain` or `json`) for the proxy-init | diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index b44751dd15197..2401bae62f700 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -32,6 +32,8 @@ deploymentStrategy: # enableEndpointSlices should be set to true only if EndpointSlice K8s feature # gate is on enableEndpointSlices: true +# -- enables routing IPv6 traffic in addition to IPv4 traffic through the proxy +enableIPv6: true # -- enables pod anti affinity creation on deployments for high availability enablePodAntiAffinity: false # -- enables the use of pprof endpoints on control plane component's admin @@ -264,7 +266,7 @@ proxyInit: # @default -- imagePullPolicy pullPolicy: "" # -- Tag for the proxy-init container image - version: v2.2.4 + version: ipv6 resources: cpu: # -- Maximum amount of CPU units that the proxy-init container can use diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md index b8cbff96636a8..75a25c51190fa 100644 --- a/charts/linkerd2-cni/README.md +++ b/charts/linkerd2-cni/README.md @@ -25,15 +25,17 @@ Kubernetes: `>=1.22.0-0` | commonLabels | object | `{}` | Labels to apply to all resources | | destCNIBinDir | string | `"/opt/cni/bin"` | Directory on the host where the CNI configuration will be placed | | destCNINetDir | string | `"/etc/cni/net.d"` | Directory on the host where the CNI plugin binaries reside | +| enableIPv6 | bool | `true` | Enables adding IPv6 rules on top of IPv4 rules | | enablePSP | bool | `false` | Add a PSP resource and bind it to the linkerd-cni ServiceAccounts. Note PSP has been deprecated since k8s v1.21 | | extraInitContainers | list | `[]` | Add additional initContainers to the daemonset | | ignoreInboundPorts | string | `""` | Default set of inbound ports to skip via iptables | | ignoreOutboundPorts | string | `""` | Default set of outbound ports to skip via iptables | -| image.name | string | `"cr.l5d.io/linkerd/cni-plugin"` | Docker image for the CNI plugin | +| image.name | string | `"ghcr.io/alpeb/cni-plugin"` | Docker image for the CNI plugin | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the linkerd-cni container | -| image.version | string | `"v1.3.0"` | Tag for the CNI container Docker image | +| image.version | string | `"ipv6"` | Tag for the CNI container Docker image | | imagePullSecrets | list | `[]` | | | inboundProxyPort | int | `4143` | Inbound port for the proxy container | +| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing | | logLevel | string | `"info"` | Log level for the CNI plugin | | outboundProxyPort | int | `4140` | Outbound port for the proxy container | | podLabels | object | `{}` | Additional labels to add to all pods | diff --git a/charts/linkerd2-cni/templates/cni-plugin.yaml b/charts/linkerd2-cni/templates/cni-plugin.yaml index 54072411eaca0..1da03d1455ffe 100644 --- a/charts/linkerd2-cni/templates/cni-plugin.yaml +++ b/charts/linkerd2-cni/templates/cni-plugin.yaml @@ -176,7 +176,9 @@ data: ], {{- end }} "simulate": false, - "use-wait-flag": {{.Values.useWaitFlag}} + "use-wait-flag": {{.Values.useWaitFlag}}, + "iptables-mode": {{.Values.iptablesMode | quote}}, + "ipv6": {{.Values.enableIPv6}} } } --- diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml index a9f9e8fd48781..cd027b0702194 100644 --- a/charts/linkerd2-cni/values.yaml +++ b/charts/linkerd2-cni/values.yaml @@ -26,6 +26,10 @@ destCNINetDir: "/etc/cni/net.d" destCNIBinDir: "/opt/cni/bin" # -- Configures the CNI plugin to use the -w flag for the iptables command useWaitFlag: false +# -- Variant of iptables that will be used to configure routing +iptablesMode: "legacy" +# -- Enables adding IPv6 rules on top of IPv4 rules +enableIPv6: true # -- Kubernetes priorityClassName for the CNI plugin's Pods priorityClassName: "" @@ -51,9 +55,9 @@ tolerations: # -|- Image section image: # -- Docker image for the CNI plugin - name: "cr.l5d.io/linkerd/cni-plugin" + name: "ghcr.io/alpeb/cni-plugin" # -- Tag for the CNI container Docker image - version: "v1.3.0" + version: "ipv6" # -- Pull policy for the linkerd-cni container pullPolicy: IfNotPresent diff --git a/charts/partials/templates/_proxy-init.tpl b/charts/partials/templates/_proxy-init.tpl index 91cc96e0a63df..a3dca6fb8a17f 100644 --- a/charts/partials/templates/_proxy-init.tpl +++ b/charts/partials/templates/_proxy-init.tpl @@ -1,12 +1,12 @@ {{- define "partials.proxy-init" -}} -args: -{{- if (.Values.proxyInit.iptablesMode | default "legacy" | eq "nft") }} -- --firewall-bin-path -- "iptables-nft" -- --firewall-save-bin-path -- "iptables-nft-save" -{{- else if not (eq .Values.proxyInit.iptablesMode "legacy") }} +{{ if not (has .Values.proxyInit.iptablesMode (list "nft" "legacy")) -}} {{ fail (printf "Unsupported value \"%s\" for proxyInit.iptablesMode\nValid values: [\"nft\", \"legacy\"]" .Values.proxyInit.iptablesMode) }} +{{end -}} +args: +- --iptables-mode +- {{.Values.proxyInit.iptablesMode}} +{{- if .Values.enableIPv6 }} +- --ipv6 {{- end }} - --incoming-proxy-port - {{.Values.proxy.ports.inbound | quote}} diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml index 0db1ef7dd900a..09d2b851b8368 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml @@ -171,6 +171,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +184,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml index c3e7b5ad6a90d..aa29e84764350 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml @@ -171,6 +171,9 @@ spec: name: server initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +184,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -394,6 +397,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -404,7 +410,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml index b4cfacb0bf59e..6a48fb58314e7 100644 --- a/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml +++ b/cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml @@ -171,6 +171,9 @@ spec: name: server initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -181,7 +184,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_contour.golden.yml b/cli/cmd/testdata/inject_contour.golden.yml index 12ec248bcc02e..c2cb8eb53e544 100644 --- a/cli/cmd/testdata/inject_contour.golden.yml +++ b/cli/cmd/testdata/inject_contour.golden.yml @@ -211,6 +211,9 @@ spec: - mountPath: /config name: contour-config - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -221,7 +224,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml index ccdba275c0d0e..d6c8846032a51 100644 --- a/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml @@ -182,6 +182,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -416,6 +419,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -426,7 +432,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -650,6 +656,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -660,7 +669,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -884,6 +893,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -894,7 +906,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml index f1c55ca55c70b..20271df981675 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment.golden.yml @@ -182,6 +182,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml index 059ae11fc9716..692792c791ede 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml @@ -185,6 +185,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -195,7 +198,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml index 65418f9319f39..0bb01e557a159 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml @@ -174,6 +174,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -184,7 +187,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml index c98d03cd854b1..1ba87ce24e132 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml @@ -195,6 +195,9 @@ spec: runAsUser: 33 initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -205,7 +208,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml index a28192bd11252..97c330ca0d5b0 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml @@ -199,6 +199,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -209,7 +212,7 @@ spec: - 4190,9998,7777,8888 - --outbound-ports-to-ignore - "9999" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml index d2a627b67add2..f84ad94183c07 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml @@ -182,6 +182,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -416,6 +419,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -426,7 +432,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml index 0c31f157a3f7a..daa91fe833b0d 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml @@ -195,6 +195,9 @@ spec: terminationMessagePolicy: FallbackToLogsOnError initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -205,7 +208,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml index abc406a4a5ec8..4c35cad69a495 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml @@ -182,6 +182,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -192,7 +195,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml index 598a40ba35cd8..5881779210671 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml @@ -183,6 +183,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +196,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml index 13cbb04a494af..97e1e5029ce03 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml @@ -38,6 +38,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -48,7 +51,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml index bc9ae6952a4df..0ee6d32d65d58 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_opaque_ports.golden.yml @@ -183,6 +183,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +196,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml index cbb0a8d32e67f..fc0e7569de0c8 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_overridden.golden.yml @@ -183,6 +183,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +196,7 @@ spec: - 4190,1234,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml index b0c69e88cb4f1..f1fa44c196314 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_proxyignores.golden.yml @@ -184,6 +184,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +197,7 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml index 0c929bb746e32..f38827fdf889b 100644 --- a/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_deployment_udp.golden.yml @@ -184,6 +184,9 @@ spec: protocol: UDP initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +197,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_list.golden.yml b/cli/cmd/testdata/inject_emojivoto_list.golden.yml index 129c201dfdf94..d0f8de12cf5d5 100644 --- a/cli/cmd/testdata/inject_emojivoto_list.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list.golden.yml @@ -184,6 +184,9 @@ items: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +197,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -412,6 +415,9 @@ items: protocol: TCP initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -422,7 +428,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml index 71be56d2722bc..7f7963f2e8f46 100644 --- a/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_list_empty_resources.golden.yml @@ -184,6 +184,9 @@ items: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +197,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -412,6 +415,9 @@ items: protocol: TCP initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -422,7 +428,7 @@ items: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml index bece820398911..e71532066dcf5 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod.golden.yml @@ -166,6 +166,9 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -176,7 +179,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml index 9d3807bc0778c..9ff2ca0c9300d 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_ingress.golden.yml @@ -169,6 +169,9 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -179,7 +182,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml index c058f1d2bee1d..f21911ee5947d 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_proxyignores.golden.yml @@ -168,6 +168,9 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -178,7 +181,7 @@ spec: - 4190,4191,22,8100-8102 - --outbound-ports-to-ignore - "5432" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml index 34ebd667b00e8..2fa0dbd19901b 100644 --- a/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_pod_with_requests.golden.yml @@ -177,6 +177,9 @@ spec: name: vote-bot initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -187,7 +190,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml index e279928d361c4..a03688a675606 100644 --- a/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml +++ b/cli/cmd/testdata/inject_emojivoto_statefulset.golden.yml @@ -183,6 +183,9 @@ spec: name: http initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -193,7 +196,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml index 2b6be9717c93f..76ea059d5df3d 100644 --- a/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml +++ b/cli/cmd/testdata/inject_gettest_deployment.good.golden.yml @@ -184,6 +184,9 @@ spec: - containerPort: 9090 initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -194,7 +197,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -420,6 +423,9 @@ spec: - containerPort: 9090 initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -430,7 +436,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml index 884384a22364d..f911d1dbc3ccc 100644 --- a/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml +++ b/cli/cmd/testdata/inject_tap_deployment_debug.golden.yml @@ -244,6 +244,9 @@ spec: dnsPolicy: ClusterFirst initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -254,7 +257,7 @@ spec: - 4190,4191,4567,4568 - --outbound-ports-to-ignore - 4567,4568 - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install-cni-plugin_default.golden b/cli/cmd/testdata/install-cni-plugin_default.golden index b53078e535d99..217d84cdd42ad 100644 --- a/cli/cmd/testdata/install-cni-plugin_default.golden +++ b/cli/cmd/testdata/install-cni-plugin_default.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -118,7 +120,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: cr.l5d.io/linkerd/cni-plugin:ipv6 imagePullPolicy: env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden index b64981de55e70..d75966fd0e343 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden index 0bea8074d9255..7f707606f91ac 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden index b64981de55e70..d75966fd0e343 100644 --- a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden +++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden @@ -73,7 +73,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden index d1b14c150448e..a94f85ca9f132 100644 --- a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden +++ b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden @@ -74,7 +74,9 @@ data: "inbound-ports-to-ignore": ["4191","4190","80","8080"], "outbound-ports-to-ignore": ["443","1000"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -119,7 +121,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: cr.l5d.io/linkerd/cni-plugin:ipv6 imagePullPolicy: env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install_cni_helm_default_output.golden b/cli/cmd/testdata/install_cni_helm_default_output.golden index 566534f1efea5..e679988f25bb4 100644 --- a/cli/cmd/testdata/install_cni_helm_default_output.golden +++ b/cli/cmd/testdata/install_cni_helm_default_output.golden @@ -66,7 +66,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": false + "use-wait-flag": false, + "iptables-mode": "legacy", + "ipv6": true } } --- @@ -111,7 +113,7 @@ spec: # script copies the files into place and then sleeps so # that Kubernetes doesn't keep trying to restart it. - name: install-cni - image: cr.l5d.io/linkerd/cni-plugin:v1.3.0 + image: ghcr.io/alpeb/cni-plugin:ipv6 imagePullPolicy: IfNotPresent env: - name: DEST_CNI_NET_DIR diff --git a/cli/cmd/testdata/install_cni_helm_override_output.golden b/cli/cmd/testdata/install_cni_helm_override_output.golden index 2fd31eac240c3..4c70d4aa1c27c 100644 --- a/cli/cmd/testdata/install_cni_helm_override_output.golden +++ b/cli/cmd/testdata/install_cni_helm_override_output.golden @@ -66,7 +66,9 @@ data: "ports-to-redirect": [], "inbound-ports-to-ignore": ["4191","4190"], "simulate": false, - "use-wait-flag": true + "use-wait-flag": true, + "iptables-mode": "legacy", + "ipv6": true } } --- diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index 0c7855c80f363..81a42c99aa939 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1074,6 +1075,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1084,7 +1088,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1545,6 +1549,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1555,7 +1562,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1895,6 +1902,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1905,7 +1915,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index 966848a7f103a..3568cae25c350 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index 992698beebc50..347003aab6b2f 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: my.custom.registry/linkerd-io/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: my.custom.registry/linkerd-io/proxy-init:v2.2.4 + image: my.custom.registry/linkerd-io/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 966848a7f103a..3568cae25c350 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 70d55e742fe28..b0462d0862f93 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index bfafddf89aae6..0d435186ea2fc 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1071,6 +1072,9 @@ spec: name: linkerd-identity-end-entity initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1081,7 +1085,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1532,6 +1536,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1542,7 +1549,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1873,6 +1880,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1883,7 +1893,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index d6181093b7658..a24da7844a39d 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden @@ -527,6 +527,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -733,7 +734,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1155,6 +1156,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1165,7 +1169,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1671,6 +1675,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1681,7 +1688,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2057,6 +2064,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2067,7 +2077,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 6066124c1a1ce..1ca8a04e17a59 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -527,6 +527,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -733,7 +734,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1155,6 +1156,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1165,7 +1169,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1671,6 +1675,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1681,7 +1688,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -2057,6 +2064,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2067,7 +2077,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index aaae91aabe9e5..6d185c6df835b 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -449,6 +449,7 @@ data: disableHeartBeat: true enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -637,7 +638,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1004,6 +1005,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1014,7 +1018,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1474,6 +1478,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1484,7 +1491,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1764,6 +1771,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1774,7 +1784,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index dfcdfec49fe01..61dcd681651af 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -519,6 +519,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -1046,6 +1047,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1518,6 +1522,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1872,6 +1879,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index 04f8fad67b242..0b6b35068109e 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -528,6 +528,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -1128,6 +1129,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1646,6 +1650,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2036,6 +2043,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index fb4620b9b1e65..188e617a82139 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -528,6 +528,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -1136,6 +1137,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1658,6 +1662,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2056,6 +2063,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index bfb58e5ab2471..92a63f71dc6e1 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden +++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -523,6 +523,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: true enablePodDisruptionBudget: true heartbeatResources: @@ -1118,6 +1119,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1636,6 +1640,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -2026,6 +2033,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 51c2f51014287..2ca6851fd83d0 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index eebff2e712c83..f4b010c9f5f0c 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -509,6 +509,7 @@ data: disableHeartBeat: false enableEndpointSlices: false enableH2Upgrade: true + enableIPv6: false enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -1042,6 +1043,8 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1515,6 +1518,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1863,6 +1868,8 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1947,7 +1954,7 @@ spec: --- apiVersion: v1 data: - linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVyOiBudWxsCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgplbmFibGVFbmRwb2ludFNsaWNlczogZmFsc2UKaGVhcnRiZWF0U2NoZWR1bGU6IDEgMiAzIDQgNQppZGVudGl0eToKICBpc3N1ZXI6CiAgICB0bHM6CiAgICAgIGNydFBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgICAgIE1JSUJ3RENDQVdlZ0F3SUJBZ0lSQUpSSWdaOFJ0TzhFd2cxWGVwZjhUNDR3Q2dZSUtvWkl6ajBFQXdJd0tURW4KICAgICAgICBNQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUI0WERUSXdNRGd5CiAgICAgICAgT0RBM01UTTBOMW9YRFRNd01EZ3lOakEzTVRNME4xb3dLVEVuTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdQogICAgICAgIGEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTEvRnAKICAgICAgICBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzJkUXZSYVlhbnV4RDM2RHQxCiAgICAgICAgMi9KeHlpU2d4S1dSZG9heSthTndNRzR3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgogICAgICAgIEFmOENBUUF3SFFZRFZSME9CQllFRkkxV25ycU1ZS2FISE9vK3pweWlpRHEycE8wS01Da0dBMVVkRVFRaU1DQ0MKICAgICAgICBIbWxrWlc1MGFYUjVMbXhwYm10bGNtUXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFCiAgICAgICAgQWlBdHVvSTVYdUN0ckdWUnpTbVJUbDJyYTI4YVY5TXlUVTdkNXFuVEFGSEtTZ0lnUktDdmx1T1NnQTVPMjFwNQogICAgICAgIDUxdGRybWtIRVpScjBxbExTSmRIWWdFZk16az0KICAgICAgICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIGtleVBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gRUMgUFJJVkFURSBLRVktLS0tLQogICAgICAgIE1IY0NBUUVFSUFBZThuZmJ6WnU5Yy9PQjIrOHhKTTBGejdOVXdUUWF6dWxrRk5zNFRJNStvQW9HQ0NxR1NNNDkKICAgICAgICBBd0VIb1VRRFFnQUUxL0ZwZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyCiAgICAgICAgZFF2UmFZYW51eEQzNkR0MTIvSnh5aVNneEtXUmRvYXkrUT09CiAgICAgICAgLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQppZGVudGl0eVRydXN0QW5jaG9yc1BFTTogfAogIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogIE1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKICBKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3SGhjTk1qQXdPREk0CiAgTURjeE1qUTNXaGNOTXpBd09ESTJNRGN4TWpRM1dqQXBNU2N3SlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1cgogIFpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKICBsMXZndzc5cmpCNXVTSVRJQ1VBNkd5ZnZTRmZjdUlpczdCL1hGU2trd0FIVTVTL3MxQUFQK1IwVFg3SEJXVUM0CiAgdWFHNFdXc2l3SktObjdtZ28zQXdiakFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3QmdFQgogIC93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKICBhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCiAgSVFDTjdsQkZMRER2ang2VjArWGtqcEtFUlJzSllmNWFkTXZubG9GbDQ4aWxKZ0loQU50eGhuZGNyK1FKUHVDOAogIHZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCmltYWdlUHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CmltYWdlUHVsbFNlY3JldHM6IG51bGwKbGlua2VyZFZlcnNpb246IExpbmtlcmRWZXJzaW9uCm5ldHdvcmtWYWxpZGF0b3I6CiAgZW5hYmxlU2VjdXJpdHlDb250ZXh0OiBmYWxzZQpwb2RNb25pdG9yOiBudWxsCnBvbGljeUNvbnRyb2xsZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBQb2xpY3lDb250cm9sbGVySW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFBvbGljeUNvbnRyb2xsZXJWZXJzaW9uCiAgbG9nTGV2ZWw6IGxvZy1sZXZlbAogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcmlvcml0eUNsYXNzTmFtZTogUHJpb3JpdHlDbGFzc05hbWUKcHJvZmlsZVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcHJvZmlsZSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJveHk6CiAgY29udHJvbDogbnVsbAogIGRlZmF1bHRJbmJvdW5kUG9saWN5OiBkZWZhdWx0LWFsbG93LXBvbGljeQogIGltYWdlOgogICAgbmFtZTogUHJveHlJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgaW5ib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogIGluYm91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgbG9nTGV2ZWw6IHdhcm4sbGlua2VyZD1pbmZvCiAgb3BhcXVlUG9ydHM6IDI1LDQ0Myw1ODcsMzMwNiw1NDMyLDExMjExCiAgb3V0Ym91bmRDb25uZWN0VGltZW91dDogIiIKICBvdXRib3VuZERpc2NvdmVyeUNhY2hlVW51c2VkVGltZW91dDogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHN0YXJ0dXBQcm9iZTogbnVsbApwcm94eUNvbnRhaW5lck5hbWU6IFByb3h5Q29udGFpbmVyTmFtZQpwcm94eUluaXQ6CiAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogIGlnbm9yZU91dGJvdW5kUG9ydHM6ICI0NDMiCiAgaW1hZ2U6CiAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlJbml0VmVyc2lvbgogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIHJlcXVlc3Q6IDEwbQogICAgbWVtb3J5OgogICAgICBsaW1pdDogNTBNaQogICAgICByZXF1ZXN0OiAxME1pCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= + linkerd-config-overrides: Y2xpVmVyc2lvbjogQ2xpVmVyc2lvbgpjbHVzdGVyTmV0d29ya3M6IENsdXN0ZXJOZXR3b3Jrcwpjb250cm9sUGxhbmVUcmFjaW5nTmFtZXNwYWNlOiAiIgpjb250cm9sbGVyOiBudWxsCmNvbnRyb2xsZXJJbWFnZTogQ29udHJvbGxlckltYWdlCmNvbnRyb2xsZXJMb2dGb3JtYXQ6IENvbnRyb2xsZXJMb2dGb3JtYXQKY29udHJvbGxlckxvZ0xldmVsOiBDb250cm9sbGVyTG9nTGV2ZWwKZGVidWdDb250YWluZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBEZWJ1Z0ltYWdlTmFtZQogICAgcHVsbFBvbGljeTogRGVidWdJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IERlYnVnVmVyc2lvbgplbmFibGVFbmRwb2ludFNsaWNlczogZmFsc2UKZW5hYmxlSVB2NjogZmFsc2UKaGVhcnRiZWF0U2NoZWR1bGU6IDEgMiAzIDQgNQppZGVudGl0eToKICBpc3N1ZXI6CiAgICB0bHM6CiAgICAgIGNydFBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgICAgIE1JSUJ3RENDQVdlZ0F3SUJBZ0lSQUpSSWdaOFJ0TzhFd2cxWGVwZjhUNDR3Q2dZSUtvWkl6ajBFQXdJd0tURW4KICAgICAgICBNQ1VHQTFVRUF4TWVhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUI0WERUSXdNRGd5CiAgICAgICAgT0RBM01UTTBOMW9YRFRNd01EZ3lOakEzTVRNME4xb3dLVEVuTUNVR0ExVUVBeE1lYVdSbGJuUnBkSGt1YkdsdQogICAgICAgIGEyVnlaQzVqYkhWemRHVnlMbXh2WTJGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTEvRnAKICAgICAgICBmY1JuRGNlZEw2QWpVYVhZUHY0RElNQmFKdWZPSTVOV3R5K1hTWDdKalhnWnRNNzJkUXZSYVlhbnV4RDM2RHQxCiAgICAgICAgMi9KeHlpU2d4S1dSZG9heSthTndNRzR3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQgogICAgICAgIEFmOENBUUF3SFFZRFZSME9CQllFRkkxV25ycU1ZS2FISE9vK3pweWlpRHEycE8wS01Da0dBMVVkRVFRaU1DQ0MKICAgICAgICBIbWxrWlc1MGFYUjVMbXhwYm10bGNtUXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFCiAgICAgICAgQWlBdHVvSTVYdUN0ckdWUnpTbVJUbDJyYTI4YVY5TXlUVTdkNXFuVEFGSEtTZ0lnUktDdmx1T1NnQTVPMjFwNQogICAgICAgIDUxdGRybWtIRVpScjBxbExTSmRIWWdFZk16az0KICAgICAgICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIGtleVBFTTogfAogICAgICAgIC0tLS0tQkVHSU4gRUMgUFJJVkFURSBLRVktLS0tLQogICAgICAgIE1IY0NBUUVFSUFBZThuZmJ6WnU5Yy9PQjIrOHhKTTBGejdOVXdUUWF6dWxrRk5zNFRJNStvQW9HQ0NxR1NNNDkKICAgICAgICBBd0VIb1VRRFFnQUUxL0ZwZmNSbkRjZWRMNkFqVWFYWVB2NERJTUJhSnVmT0k1Tld0eStYU1g3SmpYZ1p0TTcyCiAgICAgICAgZFF2UmFZYW51eEQzNkR0MTIvSnh5aVNneEtXUmRvYXkrUT09CiAgICAgICAgLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQppZGVudGl0eVRydXN0QW5jaG9yc1BFTTogfAogIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogIE1JSUJ3VENDQVdhZ0F3SUJBZ0lRZURacDVsRGFJeWdRNVVmTUtackZBVEFLQmdncWhrak9QUVFEQWpBcE1TY3cKICBKUVlEVlFRREV4NXBaR1Z1ZEdsMGVTNXNhVzVyWlhKa0xtTnNkWE4wWlhJdWJHOWpZV3d3SGhjTk1qQXdPREk0CiAgTURjeE1qUTNXaGNOTXpBd09ESTJNRGN4TWpRM1dqQXBNU2N3SlFZRFZRUURFeDVwWkdWdWRHbDBlUzVzYVc1cgogIFpYSmtMbU5zZFhOMFpYSXViRzlqWVd3d1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFScWM3MFoKICBsMXZndzc5cmpCNXVTSVRJQ1VBNkd5ZnZTRmZjdUlpczdCL1hGU2trd0FIVTVTL3MxQUFQK1IwVFg3SEJXVUM0CiAgdWFHNFdXc2l3SktObjdtZ28zQXdiakFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3QmdFQgogIC93SUJBVEFkQmdOVkhRNEVGZ1FVNVl0alZWUGZkN0k3TkxIc24yQzI2RUJ5R1Ywd0tRWURWUjBSQkNJd0lJSWUKICBhV1JsYm5ScGRIa3ViR2x1YTJWeVpDNWpiSFZ6ZEdWeUxteHZZMkZzTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCiAgSVFDTjdsQkZMRER2ang2VjArWGtqcEtFUlJzSllmNWFkTXZubG9GbDQ4aWxKZ0loQU50eGhuZGNyK1FKUHVDOAogIHZnVUMwZDIvOUZNdWVJVk1iKzQ2V1RDT2pzcXIKICAtLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCmltYWdlUHVsbFBvbGljeTogSW1hZ2VQdWxsUG9saWN5CmltYWdlUHVsbFNlY3JldHM6IG51bGwKbGlua2VyZFZlcnNpb246IExpbmtlcmRWZXJzaW9uCm5ldHdvcmtWYWxpZGF0b3I6CiAgZW5hYmxlU2VjdXJpdHlDb250ZXh0OiBmYWxzZQpwb2RNb25pdG9yOiBudWxsCnBvbGljeUNvbnRyb2xsZXI6CiAgaW1hZ2U6CiAgICBuYW1lOiBQb2xpY3lDb250cm9sbGVySW1hZ2VOYW1lCiAgICBwdWxsUG9saWN5OiBJbWFnZVB1bGxQb2xpY3kKICAgIHZlcnNpb246IFBvbGljeUNvbnRyb2xsZXJWZXJzaW9uCiAgbG9nTGV2ZWw6IGxvZy1sZXZlbAogIHJlc291cmNlczoKICAgIGNwdToKICAgICAgbGltaXQ6IGNwdS1saW1pdAogICAgICByZXF1ZXN0OiBjcHUtcmVxdWVzdAogICAgbWVtb3J5OgogICAgICBsaW1pdDogbWVtb3J5LWxpbWl0CiAgICAgIHJlcXVlc3Q6IG1lbW9yeS1yZXF1ZXN0CnBvbGljeVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcG9saWN5IHZhbGlkYXRvciBDQSBidW5kbGUKICBleHRlcm5hbFNlY3JldDogdHJ1ZQpwcmlvcml0eUNsYXNzTmFtZTogUHJpb3JpdHlDbGFzc05hbWUKcHJvZmlsZVZhbGlkYXRvcjoKICBjYUJ1bmRsZTogcHJvZmlsZSB2YWxpZGF0b3IgQ0EgYnVuZGxlCiAgZXh0ZXJuYWxTZWNyZXQ6IHRydWUKcHJveHk6CiAgY29udHJvbDogbnVsbAogIGRlZmF1bHRJbmJvdW5kUG9saWN5OiBkZWZhdWx0LWFsbG93LXBvbGljeQogIGltYWdlOgogICAgbmFtZTogUHJveHlJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlWZXJzaW9uCiAgaW5ib3VuZENvbm5lY3RUaW1lb3V0OiAiIgogIGluYm91bmREaXNjb3ZlcnlDYWNoZVVudXNlZFRpbWVvdXQ6ICIiCiAgbG9nTGV2ZWw6IHdhcm4sbGlua2VyZD1pbmZvCiAgb3BhcXVlUG9ydHM6IDI1LDQ0Myw1ODcsMzMwNiw1NDMyLDExMjExCiAgb3V0Ym91bmRDb25uZWN0VGltZW91dDogIiIKICBvdXRib3VuZERpc2NvdmVyeUNhY2hlVW51c2VkVGltZW91dDogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIGxpbWl0OiBjcHUtbGltaXQKICAgICAgcmVxdWVzdDogY3B1LXJlcXVlc3QKICAgIG1lbW9yeToKICAgICAgbGltaXQ6IG1lbW9yeS1saW1pdAogICAgICByZXF1ZXN0OiBtZW1vcnktcmVxdWVzdAogIHN0YXJ0dXBQcm9iZTogbnVsbApwcm94eUNvbnRhaW5lck5hbWU6IFByb3h5Q29udGFpbmVyTmFtZQpwcm94eUluaXQ6CiAgaWdub3JlSW5ib3VuZFBvcnRzOiAiIgogIGlnbm9yZU91dGJvdW5kUG9ydHM6ICI0NDMiCiAgaW1hZ2U6CiAgICBuYW1lOiBQcm94eUluaXRJbWFnZU5hbWUKICAgIHB1bGxQb2xpY3k6IEltYWdlUHVsbFBvbGljeQogICAgdmVyc2lvbjogUHJveHlJbml0VmVyc2lvbgogIGt1YmVBUElTZXJ2ZXJQb3J0czogIiIKICByZXNvdXJjZXM6CiAgICBjcHU6CiAgICAgIHJlcXVlc3Q6IDEwbQogICAgbWVtb3J5OgogICAgICBsaW1pdDogNTBNaQogICAgICByZXF1ZXN0OiAxME1pCnByb3h5SW5qZWN0b3I6CiAgY2FCdW5kbGU6IHByb3h5IGluamVjdG9yIENBIGJ1bmRsZQogIGV4dGVybmFsU2VjcmV0OiB0cnVlCndlYmhvb2tGYWlsdXJlUG9saWN5OiBXZWJob29rRmFpbHVyZVBvbGljeQo= kind: Secret metadata: creationTimestamp: null diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index cba2a4a2d3610..cdf6e06fb412b 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,22,8100-8102" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index 2e63e2914e1c0..e308288585a68 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -518,6 +518,7 @@ data: disableHeartBeat: false enableEndpointSlices: true enableH2Upgrade: true + enableIPv6: true enablePodAntiAffinity: false enablePodDisruptionBudget: false heartbeatResources: null @@ -706,7 +707,7 @@ data: image: name: cr.l5d.io/linkerd/proxy-init pullPolicy: "" - version: v2.2.4 + version: ipv6 iptablesMode: legacy kubeAPIServerPorts: 443,6443 logFormat: "" @@ -1073,6 +1074,9 @@ spec: name: linkerd-identity-token initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1083,7 +1087,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1543,6 +1547,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1553,7 +1560,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: @@ -1893,6 +1900,9 @@ spec: readOnly: true initContainers: - args: + - --iptables-mode + - legacy + - --ipv6 - --incoming-proxy-port - "4143" - --outgoing-proxy-port @@ -1903,7 +1913,7 @@ spec: - "4190,4191,4567,4568" - --outbound-ports-to-ignore - "443,6443" - image: cr.l5d.io/linkerd/proxy-init:v2.2.4 + image: cr.l5d.io/linkerd/proxy-init:ipv6 imagePullPolicy: IfNotPresent name: linkerd-init resources: diff --git a/controller/proxy-injector/fake/data/pod-with-debug.patch.json b/controller/proxy-injector/fake/data/pod-with-debug.patch.json index 443bdc19f634b..4e9d910a207dd 100644 --- a/controller/proxy-injector/fake/data/pod-with-debug.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-debug.patch.json @@ -47,6 +47,9 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode", + "legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -58,7 +61,7 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "cr.l5d.io/linkerd/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json index cdab04c39b850..c930f22c4be28 100644 --- a/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json +++ b/controller/proxy-injector/fake/data/pod-with-ns-annotations.patch.json @@ -57,6 +57,9 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode", + "legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -68,7 +71,7 @@ "--outbound-ports-to-ignore", "34567" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "cr.l5d.io/linkerd/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/controller/proxy-injector/fake/data/pod.patch.json b/controller/proxy-injector/fake/data/pod.patch.json index 3352a7c65e430..eb09f39090d00 100644 --- a/controller/proxy-injector/fake/data/pod.patch.json +++ b/controller/proxy-injector/fake/data/pod.patch.json @@ -47,6 +47,9 @@ "path": "/spec/initContainers/-", "value": { "args": [ + "--iptables-mode", + "legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", @@ -58,7 +61,7 @@ "--outbound-ports-to-ignore", "4567,4568" ], - "image": "cr.l5d.io/linkerd/proxy-init:v2.2.4", + "image": "cr.l5d.io/linkerd/proxy-init:ipv6", "imagePullPolicy": "IfNotPresent", "name": "linkerd-init", "resources": { diff --git a/justfile b/justfile index db5396f9302d7..de7b105440645 100644 --- a/justfile +++ b/justfile @@ -291,8 +291,8 @@ policy-controller-image := DOCKER_REGISTRY + "/policy-controller" # # We execute these commands lazily in case `yq` isn't present (so that other # just recipes can succeed). -_proxy-init-image-cmd := "yq '.proxyInit.image | \"ghcr.io/linkerd/proxy-init:\" + .version' charts/linkerd-control-plane/values.yaml" -_cni-plugin-image-cmd := "yq '.image | \"ghcr.io/linkerd/cni-plugin:\" + .version' charts/linkerd2-cni/values.yaml" +_proxy-init-image-cmd := "yq '.proxyInit.image | \"ghcr.io/alpeb/proxy-init:\" + .version' charts/linkerd-control-plane/values.yaml" +_cni-plugin-image-cmd := "yq '.image | \"ghcr.io/alpeb/cni-plugin:\" + .version' charts/linkerd2-cni/values.yaml" _prometheus-image-cmd := "yq '.prometheus.image | .registry + \"/\" + .name + \":\" + .tag' viz/charts/linkerd-viz/values.yaml" linkerd *flags: @@ -317,7 +317,7 @@ linkerd-install *args='': linkerd-load linkerd-crds-install && _linkerd-ready --set='policyController.loglevel=info\,linkerd=trace\,kubert=trace' \ --set='proxy.image.name={{ proxy-image }}' \ --set='proxy.image.version={{ linkerd-tag }}' \ - --set='proxyInit.image.name=ghcr.io/linkerd/proxy-init' \ + --set='proxyInit.image.name=ghcr.io/alpeb/proxy-init' \ {{ args }} \ | {{ _kubectl }} apply -f - @@ -464,7 +464,7 @@ _linkerd-viz-uninit: ## ## linkerd multicluster -## +## _mc-target-k3d-flags := "--k3s-arg --disable='local-storage,metrics-server@server:*' --k3s-arg '--cluster-cidr=10.23.0.0/24@server:*'" diff --git a/pkg/charts/cni/values.go b/pkg/charts/cni/values.go index 46e29d23d567e..cbd72be7d370a 100644 --- a/pkg/charts/cni/values.go +++ b/pkg/charts/cni/values.go @@ -66,6 +66,8 @@ type Values struct { CommonLabels map[string]string `json:"commonLabels"` ImagePullSecrets []map[string]string `json:"imagePullSecrets"` ExtraInitContainers []interface{} `json:"extraInitContainers"` + IptablesMode string `json:"iptablesMode"` + EnableIPv6 bool `json:"enableIPv6"` EnablePSP bool `json:"enablePSP"` Privileged bool `json:"privileged"` Resources Resources `json:"resources"` diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index bf1968ca700c2..26bdd2d2d4e97 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -49,6 +49,7 @@ type ( HighAvailability bool `json:"highAvailability"` CNIEnabled bool `json:"cniEnabled"` EnableEndpointSlices bool `json:"enableEndpointSlices"` + EnableIPv6 bool `json:"enableIPv6"` ControlPlaneTracing bool `json:"controlPlaneTracing"` ControlPlaneTracingNamespace string `json:"controlPlaneTracingNamespace"` IdentityTrustAnchorsPEM string `json:"identityTrustAnchorsPEM"` diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index c83b81240702f..0a48b2574facf 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -66,6 +66,7 @@ func TestNewValues(t *testing.T) { PodAnnotations: map[string]string{}, PodLabels: map[string]string{}, EnableEndpointSlices: true, + EnableIPv6: true, EnablePodDisruptionBudget: false, Controller: &Controller{ PodDisruptionBudget: &PodDisruptionBudget{ diff --git a/pkg/version/version.go b/pkg/version/version.go index 503897705382a..9bfe9385d8be2 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -15,8 +15,8 @@ var Version = undefinedVersion // ProxyInitVersion is the pinned version of the proxy-init, from // https://github.com/linkerd/linkerd2-proxy-init This has to be kept in sync // with the default version in the control plane's values.yaml. -var ProxyInitVersion = "v2.2.4" -var LinkerdCNIVersion = "v1.3.0" +var ProxyInitVersion = "ipv6" +var LinkerdCNIVersion = "ipv6" const ( // undefinedVersion should take the form `channel-version` to conform to diff --git a/test/integration/install/inject/inject_test.go b/test/integration/install/inject/inject_test.go index 0d8f2fac8cdfd..e3a2ad9a51202 100644 --- a/test/integration/install/inject/inject_test.go +++ b/test/integration/install/inject/inject_test.go @@ -388,7 +388,7 @@ func TestInjectAutoPod(t *testing.T) { falsy := false initUser := int64(65534) seccompProfile := &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault} - reg := "cr.l5d.io/linkerd" + reg := "ghcr.io/alpeb" if override := os.Getenv(flags.EnvOverrideDockerRegistry); override != "" { reg = override } @@ -396,6 +396,8 @@ func TestInjectAutoPod(t *testing.T) { Name: k8s.InitContainerName, Image: reg + "/proxy-init:" + version.ProxyInitVersion, Args: []string{ + "--iptables-mode=legacy", + "--ipv6", "--incoming-proxy-port", "4143", "--outgoing-proxy-port", "4140", "--proxy-uid", "2102", diff --git a/test/integration/multicluster/install_test.go b/test/integration/multicluster/install_test.go index a19b265878b3e..3ec0968eaab71 100644 --- a/test/integration/multicluster/install_test.go +++ b/test/integration/multicluster/install_test.go @@ -113,7 +113,7 @@ func TestInstall(t *testing.T) { cmd = []string{ "install", "--controller-log-level", "debug", - "--set", "proxyInit.image.name=ghcr.io/linkerd/proxy-init", + "--set", "proxyInit.image.name=ghcr.io/alpeb/proxy-init", "--set", fmt.Sprintf("proxyInit.image.version=%s", version.ProxyInitVersion), "--set", fmt.Sprintf("proxy.image.version=%s", TestHelper.GetVersion()), "--set", "heartbeatSchedule=1 2 3 4 5",